formbook | e33e207971d05a656690c2ebd86e3f090f3e50d37b16320a69bc5c92f4402cd5 | Triage

Submit
Reports

Overview

overview

Static

static

Video clip.MP4.xls

windows7-x64

Video clip.MP4.xls

windows10-2004-x64

1

Sharing

General

Target

Video clip.MP4.xls
Size

1.0MB
Sample

221123-qxdh8aab2z
MD5

121e603042747acbd8d1fb2c55eaf080
SHA1

4a3d57363b240fd6644d9bc0f6abca7ec9cf3992
SHA256

e33e207971d05a656690c2ebd86e3f090f3e50d37b16320a69bc5c92f4402cd5
SHA512

d18c5dd7c620ab6827547bdf671cae9ae7809d2399650c45eb85809d7b81cff3e5a6ddd38b51eb2b93acd0ff400732b3a5de2325803d09ec92539e39e7c898b0
SSDEEP

24576:tr5XXXXXXXXXXXXUXXXXXXXSXXXXXXXX9mur5XXXXXXXXXXXXUXXXXXXXSXXXXXo:UPTKo

Score

10^/10

formbook do25 rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Video clip.MP4.xls

Resource

win7-20220812-en

formbook do25 rat spyware stealer trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

Video clip.MP4.xls

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

do25

Decoy

nickifarina.site

nfptrwge.bar

nobreemporio.com

split-acres.com

sharingservice-act.com

nakedinktees.shop

zhensheng1988.com

ipiton.com

liftoffdigitalmarketing.com

karen.cool

theprotestantchurch.com

shirhadarr.com

azdtwp.com

comzestdent.com

jnsjh.com

in-heat-cool.com

dfefej.top

tumingchun.com

eisei-shouji.tokyo

sparecreeping.com

savitleather.com

dfd33.com

bolognabene.net

googlesepaisekaisekamaye.com

f219te8i5y.xyz

protocolozeropedras.online

xn--obsuga-5db.tech

delightzeffl.cloud

frenchiescoin.com

holoslifestyles.com

busonthego.com

istanblyzx.online

lexasm.com

gour.top

smallbizratetracker.com

putconcept.website

ashleighcaroe.com

fredrickamzwaro.click

tracy41myers.online

gensource.net

leggings.design

circleofinfluence1.com

shiningdot.online

muhunglong.com

jaxon-lane.com

jzlc1788.com

personalscore.net

greenpackfeedback.tech

baoshuiniao.com

hotelocioclub.com

goodtobehomeamerica.com

tlshine.com

cncndinosaurs.xyz

escalateph.com

climatehub.tech

sxtfjx.xyz

slotxoth456.com

mascotemais.shop

karnakai.net

ewqjai.xyz

currencyrates.wiki

ceruleankeep.com

okx-veri.xyz

kumamotometallic.com

pornblogsspider.com

Targets

- Target
  
  Video clip.MP4.xls
- Size
  
  1.0MB
- MD5
  
  121e603042747acbd8d1fb2c55eaf080
- SHA1
  
  4a3d57363b240fd6644d9bc0f6abca7ec9cf3992
- SHA256
  
  e33e207971d05a656690c2ebd86e3f090f3e50d37b16320a69bc5c92f4402cd5
- SHA512
  
  d18c5dd7c620ab6827547bdf671cae9ae7809d2399650c45eb85809d7b81cff3e5a6ddd38b51eb2b93acd0ff400732b3a5de2325803d09ec92539e39e7c898b0
- SSDEEP
  
  24576:tr5XXXXXXXXXXXXUXXXXXXXSXXXXXXXX9mur5XXXXXXXXXXXXUXXXXXXXSXXXXXo:UPTKo
Score

10^/10

formbook do25 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

formbookdo25ratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy